Bypassing kernel patch protection runtime
☆22Feb 19, 2023Updated 3 years ago
Alternatives and similar repositories for PatchGuardResearch
Users that are interested in PatchGuardResearch are comparing it to the libraries listed below
Sorting:
- An advanced DKOM for drivers with "DRIVER_OBJECT"☆22Feb 19, 2023Updated 3 years ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆83Dec 21, 2022Updated 3 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- ☆43Apr 18, 2023Updated 2 years ago
- An example code of CiGetCertPublisherName☆16Mar 24, 2022Updated 3 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- A simple C++ driver base with KD data block☆11Jun 25, 2022Updated 3 years ago
- A C++ syscall ID extractor for Windows. Developed, debugged and tested on 20H2.☆21May 25, 2021Updated 4 years ago
- Virtual and physical memory hacking library using gigabyte vulnerable driver☆71Updated this week
- x64 Windows implementation of virtual-address to physical-address translation☆49Jun 3, 2021Updated 4 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- Source code on the 1.44MB 3.5 floppy accompanying the Windows NT File System Internals book.☆20Jul 31, 2019Updated 6 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆159Apr 13, 2023Updated 2 years ago
- Hooking Heavens Gate in a weekend☆13Jan 1, 2022Updated 4 years ago
- Dangling COM Keys Finder☆17Nov 16, 2021Updated 4 years ago
- undetected cheat engine 7.2☆12Dec 28, 2020Updated 5 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆236Apr 2, 2022Updated 3 years ago
- Sample for Creating a new kernel object type and supporting API☆28Sep 7, 2024Updated last year
- ☆23Jul 24, 2023Updated 2 years ago
- ☆12Sep 21, 2021Updated 4 years ago
- Bypass Windows defender syscall☆18Jul 17, 2021Updated 4 years ago
- Modmap updated to work on Windows 11☆28Jul 30, 2021Updated 4 years ago
- Bypassing PatchGuard on modern x64 systems☆265Apr 9, 2023Updated 2 years ago
- Hook NtDeviceIoControlFile with PatchGuard☆107May 10, 2022Updated 3 years ago
- Windows Kernel Programming Experiments☆84Sep 18, 2022Updated 3 years ago
- ☆17Apr 18, 2023Updated 2 years ago
- A demonstration of hooking into the VMProtect-2 virtual machine☆24Nov 9, 2023Updated 2 years ago
- What makes it page☆17Aug 24, 2022Updated 3 years ago
- detect hypervisor with Nmi Callback☆42Sep 25, 2022Updated 3 years ago
- Runtime smm module loader☆37Jan 12, 2023Updated 3 years ago
- A wrapper around Windows, calls explicitly the lowest possible calls☆14Jan 19, 2023Updated 3 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆241Nov 6, 2019Updated 6 years ago
- Decoder for VMProtect hwids☆18Aug 1, 2022Updated 3 years ago
- Illustrates the concept of return address spoofing, and how it is used.☆14May 13, 2020Updated 5 years ago
- ☆69Dec 17, 2020Updated 5 years ago
- hook KeyboardClassServiceCallback to prevent messing up sistema☆26Nov 14, 2023Updated 2 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆271Aug 31, 2022Updated 3 years ago
- i stole this from some guys private repo on github☆58Jul 11, 2021Updated 4 years ago
- PAGE_GUARD based hooking library☆52Jul 25, 2022Updated 3 years ago